{"id":51317,"date":"2024-05-29T14:00:11","date_gmt":"2024-05-29T18:00:11","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=51317"},"modified":"2024-05-29T14:00:11","modified_gmt":"2024-05-29T18:00:11","slug":"top-exploited-vulnerabilities-cve-2023-q1-2024","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/top-exploited-vulnerabilities-cve-2023-q1-2024\/51317\/","title":{"rendered":"Exploited vulnerabilities in 2023 and 2024"},"content":{"rendered":"<p>The number of software vulnerabilities discovered annually <a href=\"https:\/\/www.cve.org\/About\/Metrics\" target=\"_blank\" rel=\"nofollow noopener\">continues to grow<\/a>, with total vulnerabilities discovered in a year fast approaching the 30,000 mark. But it\u2019s important for cybersecurity teams to identify precisely which vulnerabilities attackers are actually exploiting. Changes in the list of criminals\u2019 favorite vulnerabilities greatly influence which updates or countermeasures should be prioritized. That\u2019s why we regularly monitor these changes. Thus, here are the conclusions that can be drawn from our <a href=\"https:\/\/securelist.com\/vulnerability-report-q1-2024\/112554\/\" target=\"_blank\" rel=\"noopener\">Exploit and Vulnerability Report for Q1 2024<\/a>.<\/p>\n<h2>Vulnerabilities are becoming increasingly critical; exploits \u2014 easily available<\/h2>\n<p>Thanks to bug bounty programs and automation, vulnerability hunting has increased significantly in scale. This means vulnerabilities are discovered more frequently, and when researchers find an interesting attack vector, the first identified vulnerability is often followed by a whole series of others \u2014 as we recently saw with <a href=\"https:\/\/www.msspalert.com\/news\/ivanti-finds-fifth-high-severity-flaw-in-connect-secure-vpn-devices\" target=\"_blank\" rel=\"nofollow noopener\">Ivanti solutions<\/a>. 2023 set a five-year record for the number of critical vulnerabilities found. 
At the same time, vulnerabilities are becoming accessible to an ever-wider range of attackers and defenders: for more than 12% of the vulnerabilities discovered, a proof-of-concept (PoC) exploit became publicly available shortly after disclosure.<\/p>\n<h2>Rapid growth of Linux threats<\/h2>\n<p>Although the myth that \u201cno one attacks Linux\u201d has long been dispelled, many specialists still underestimate the scale of Linux threats. Over the last year, the number of exploited CVEs in Linux and in popular Linux applications more than tripled. The lion\u2019s share of exploitation attempts target servers, as well as various devices built on *nix systems.<\/p>\n<p>A striking example of attackers\u2019 interest in Linux was the <a href=\"https:\/\/securelist.com\/xz-backdoor-story-part-2-social-engineering\/112476\/\" target=\"_blank\" rel=\"noopener\">multi-year operation to compromise the XZ library and utilities<\/a> in order to plant an SSH backdoor in popular Linux distributions.<\/p>\n<h2>OSs contain more critical flaws, but other applications are exploited more often<\/h2>\n<p>Operating systems were found to contain the most critical vulnerabilities with available exploits; however, critical defects in OSs are rarely useful for the initial penetration of an organization\u2019s information infrastructure. Therefore, if you look at the top vulnerabilities actually exploited in APT cyberattacks, the picture changes significantly.<\/p>\n<p>In 2023, the top spot in the list of exploited vulnerabilities changed hands: after many years of MS Office holding it, WinRAR took first place with CVE-2023-38831, which many espionage and criminal groups used to <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/winrar-zero-day-exploited-since-april-to-hack-trading-accounts\/\" target=\"_blank\" rel=\"nofollow noopener\">deliver malware<\/a>. 
However, the second, third, and fifth places in 2023 were still occupied by Office flaws, with the infamous <a href=\"https:\/\/www.kaspersky.com\/blog\/log4shell-critical-vulnerability-in-apache-log4j\/43124\/\" target=\"_blank\" rel=\"noopener nofollow\">Log4Shell<\/a> joining them in fourth place. Two vulnerabilities in MS Exchange were also among the most frequently exploited.<\/p>\n<p>In the first quarter of 2024 the situation changed completely: highly convenient security holes in internet-facing services opened up for attackers and allowed mass exploitation, namely in the ConnectWise software used by MSPs and in Ivanti\u2019s Connect Secure and Policy Secure. In the popularity ranking, WinRAR dropped to third place, and Office disappeared from the top altogether.<\/p>\n<h2>Organizations are too slow in patching<\/h2>\n<p>Only three vulnerabilities from last year\u2019s top 10 were discovered in 2023. The rest of the actively exploited CVEs date back to 2022, 2020, and even 2017. This means that a significant number of companies either update their IT systems selectively or leave some issues unaddressed for several years without applying any countermeasures at all. IT departments can rarely allocate enough resources to patch everything on time, so a sensible medium-term solution is to invest in products that automatically detect vulnerable assets in the IT infrastructure and automate software updates.<\/p>\n<h2>The first weeks after a vulnerability is publicly disclosed are the most critical<\/h2>\n<p>Attackers try to take full advantage of newly published vulnerabilities, so the first weeks after an exploit appears see the most activity. This should be factored into update cycles: a critical vulnerability in an internet-facing system with a public exploit cannot wait for the next scheduled maintenance window. It\u2019s essential to have a response plan for the case where a critical vulnerability appears that directly affects your IT infrastructure and requires immediate patching. 
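<\/p>\n<p>A minimal version of the prioritization this section argues for, as an added example (not code from the original post, from Kaspersky, or from any product it names): rank unpatched software by whether the CVE is exploited in the wild, whether the host is internet-facing, and how recently the exploit became public. The feed, the inventory, the hostnames, the fixed-in versions, the disclosure dates and the reference date are all constructed for illustration and are not authoritative; check the vendor advisories before reusing any of the values.<\/p>

```python
"""Rank unpatched software for remediation by in-the-wild exploitation, exposure and recency.

Added example for this post, not code from Kaspersky or from any product it names.
The exploited-vulnerability feed, the asset inventory and the reference date are
constructed for illustration; fixed_in versions and disclosure dates are
placeholders to be checked against the vendor advisories before use.
"""
from collections import Counter
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class ExploitedVuln:
    cve: str
    product: str
    fixed_in: tuple[int, ...]   # first version that is not vulnerable (placeholder)
    disclosed: date             # public disclosure date (placeholder)


@dataclass(frozen=True)
class Asset:
    host: str
    product: str
    version: tuple[int, ...]
    internet_facing: bool


# Constructed feed: the CVEs the post names as exploited in the wild.
FEED = [
    ExploitedVuln("CVE-2023-38831", "winrar", (6, 23), date(2023, 8, 23)),
    ExploitedVuln("CVE-2021-44228", "log4j", (2, 15, 0), date(2021, 12, 10)),
    ExploitedVuln("CVE-2024-21626", "runc", (1, 1, 12), date(2024, 1, 31)),
    ExploitedVuln("CVE-2024-27198", "teamcity", (2023, 11, 4), date(2024, 3, 4)),
]

# Constructed inventory; hostnames and versions are made up.
ASSETS = [
    Asset("ws-12", "winrar", (6, 22), False),
    Asset("ws-15", "winrar", (6, 24), False),
    Asset("build-01", "teamcity", (2023, 11, 3), True),
    Asset("k8s-node-7", "runc", (1, 1, 11), False),
    Asset("app-03", "log4j", (2, 14, 1), True),
]

TODAY = date(2024, 3, 15)  # constructed reference date
FRESH_EXPLOIT_DAYS = 30    # the post: activity peaks in the first weeks after an exploit appears


def is_vulnerable(asset: Asset, vuln: ExploitedVuln) -> bool:
    """Naive 'older than the fixed version' check; real feeds carry per-branch ranges."""
    return asset.product == vuln.product and asset.version < vuln.fixed_in


def score(asset: Asset, vuln: ExploitedVuln, today: date) -> int:
    """Everything in the feed is exploited in the wild, so the baseline is already high;
    internet exposure and a freshly published exploit push it higher (weights are assumptions)."""
    s = 100
    if asset.internet_facing:
        s += 50
    if (today - vuln.disclosed).days <= FRESH_EXPLOIT_DAYS:
        s += 40
    return s


def rank(assets, feed, today: date) -> list[dict]:
    """Return one finding per vulnerable (asset, CVE) pair, highest score first and,
    within a score, the most recently disclosed exploit first."""
    findings = []
    for asset in assets:
        for vuln in feed:
            if is_vulnerable(asset, vuln):
                findings.append({
                    "host": asset.host,
                    "cve": vuln.cve,
                    "days_since_disclosure": (today - vuln.disclosed).days,
                    "score": score(asset, vuln, today),
                })
    findings.sort(key=lambda f: (-f["score"], f["days_since_disclosure"]))
    return findings


def cve_years(findings) -> dict[int, int]:
    """Age profile of the still-unpatched exploited CVEs, by CVE year (the post's 2017 point)."""
    return dict(Counter(int(f["cve"].split("-")[1]) for f in findings))


if __name__ == "__main__":
    findings = rank(ASSETS, FEED, TODAY)
    for f in findings:
        print(f"{f['score']:>4}  {f['host']:<12} {f['cve']}  {f['days_since_disclosure']} days")
    print("unpatched exploited CVEs by year:", cve_years(findings))
```

<p>The scoring weights are assumptions to tune, but the ordering this produces matches the advice in the post: exploited, exposed and freshly disclosed bugs come first, and years-old exploited bugs never drop off the list just because they are old. Swapping the constructed feed and inventory for a real exploited-vulnerability feed and a real asset inventory is the point of the exercise.<\/p>\n<p>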
Of course, the automation tools mentioned above greatly assist in this.<\/p>\n<h2>New attack vectors<\/h2>\n<p>You can\u2019t focus only on office applications and perimeter services. Depending on an organization\u2019s IT infrastructure, significant risks can arise from the exploitation of other vectors that are less popular but very effective for achieving specific malicious goals. Besides CVE-2024-3094 in XZ Utils, mentioned above, vulnerabilities of interest to attackers include CVE-2024-21626 in runc, which allows a process to escape its container, and CVE-2024-27198 in the CI\/CD tool TeamCity, which gives an attacker access to software developers\u2019 systems.<\/p>\n<h2>Protection recommendations<\/h2>\n<p>Maintain an up-to-date and in-depth understanding of the company\u2019s IT assets, keeping detailed records of existing servers, services, accounts, and applications.<\/p>\n<p>Implement an update management system that ensures vulnerable software is promptly identified and patched. 
The <a href=\"https:\/\/www.kaspersky.com\/small-to-medium-business-security\/systems-management\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky Vulnerability Assessment and Patch Management<\/a> solution combined with the <a href=\"https:\/\/www.kaspersky.com\/vuln-feed\" target=\"_blank\" rel=\"noopener nofollow\">Kaspersky Vulnerability Data Feed<\/a> is ideal for this.<\/p>\n<p>Use <a href=\"https:\/\/www.kaspersky.com\/enterprise-security\/endpoint-detection-response-edr?icid=gl_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______\" target=\"_blank\" rel=\"noopener nofollow\">security solutions<\/a> capable of both preventing the launch of malware and detecting and stopping attempts to exploit known vulnerabilities on all computers and servers in your organization.<\/p>\n<p>Implement a comprehensive multi-level protection system that can detect anomalies in the infrastructure and targeted attacks on your organization, including attempts to exploit vulnerabilities and the use of legitimate software by attackers. 
For this, the Kaspersky Symphony solution, which can be adapted to the needs of companies of varying size, is perfectly suited.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"mdr\"><input type=\"hidden\" class=\"placeholder_for_banner\" data-cat_id=\"mdr\" value=\"51264\">\n","protected":false},"excerpt":{"rendered":"<p>Today we discuss which services and applications should be patched first, and what attackers are focusing on.<\/p>\n","protected":false},"author":2722,"featured_media":51318,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3051,3052],"tags":[268],"class_list":{"0":"post-51317","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-enterprise","9":"category-smb","10":"tag-vulnerabilities"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/top-exploited-vulnerabilities-cve-2023-q1-2024\/51317\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/top-exploited-vulnerabilities-cve-2023-q1-2024\/27506\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/top-exploited-vulnerabilities-cve-2023-q1-2024\/22824\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/top-exploited-vulnerabilities-cve-2023-q1-2024\/30178\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/top-exploited-vulnerabilities-cve-2023-q1-2024\/27658\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/top-exploited-vulnerabilities-cve-2023-q1-2024\/37557\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/top-exploited-vulnerabilities-cve-2023-q1-2024\/27825\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/top-exploited-vulnerabilities-cve-2023-q1-2024\/33652\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/top-exploited-vulnerabilities-cve-20
23-q1-2024\/33317\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/vulnerabilities\/","name":"vulnerabilities"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/51317","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2722"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=51317"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/51317\/revisions"}],"predecessor-version":[{"id":51319,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/51317\/revisions\/51319"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/51318"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=51317"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=51317"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=51317"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}